This article covers –
Overall understanding of the domain
Important concepts to focus on from exam point of view
The article is split into 10 parts as below:
Part 1 – Information Systems operations, Management of IS operations, ITSM
Part 2 – Service Level Agreements, Operational Level Agreements, Incident and problem Management process
https://www.infosectrain.com/blog/cisa-domain-4-information-systems-operations-maintenance-and-service-management/
1. CISA DOMAIN 4
Information Systems Operations,
Maintenance & Service Management
sales@infosectrain.com https://www.infosectrain.com
+91-97736-67874
2. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
01
Email: sales@infosectrain.com Web: https://www.infosectrain.com
Overall understanding of the domain:
Weightage - This domain constitutes 20 percent of the CISA exam (approximate-
ly 30 questions)
Covers 23 Knowledge statements
covering the process of auditing
information systems
1. Knowledge of service
management
frameworks
2. Knowledge of
service manag-
ement practices
and service level
management
3. Knowledge of tech-
niques for monitor
third-party performa-
nce & compliance
with service
agreements and
regulatory requirements
4. Knowledge of enterprise architecture (EA)
5. Knowledge of the functionality of fundamental technology (e.g., hardware
& network components, system software, middleware, database manage-
ment systems)
6. Knowledge of system resiliency tools and techniques (e.g., fault tolerant
hardware, elimination of single point of failure, clustering)
7. Knowledge of IT asset management, software licensing, source code man-
agement and inventory practices
8. Knowledge of job scheduling practices, including exception handling
9. Knowledge of control techniques that ensure the integrity of system inter
faces
10. Knowledge of capacity planning & related monitoring tools and techniques
3. Username
Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
02
Email: sales@infosectrain.com Web: https://www.infosectrain.com
11. Knowledge of systems performance monitoring processes, tools & techn-
iques (e.g., network analyzers, system utilization reports, load balancing)
12. Knowledge of data backup, storage, maintenance & restoration practices
13. Knowledge of data
base management
& optimization
practices
14. Knowledge of
data quality
(completeness,
accuracy, integrity)
& life cycle
management (aging,
retention)
15. Knowledge of problem
and incident management
practices
16. Knowledge of change management,
configuration management, release management & patch management
practices
17. Knowledge of operational risks & controls related to end-user computing
18. Knowledge of regulatory, legal, contractual and insurance issues related
to disaster recovery
19. Knowledge of business impact analysis (BIA) related to disaster recovery
planning
20. Knowledge of the development and maintenance of disaster recovery
plans (DRPs)
21. Knowledge of benefits and drawbacks of alternate processing sites (e.g.,
hot sites, warm sites, cold sites)
22. Knowledge of disaster recovery testing methods
23. Knowledge of processes used to invoke the disaster recovery plans
(DRPs)
https://www.infosectrain.com/courses/cisa-certification-training/
4. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
03
Email: sales@infosectrain.com Web: https://www.infosectrain.com
Important concepts from exam point of view:
1. Information Systems operations:
Responsible for ongoing support for an organizations computer and IS
environment
plays a critical role in ensuring that computer operations processing
requirements are met, end users are satisfied & information is processed
securely
2. Management of IS operations:
COBIT 5 framework makes clear distinction between governance and
management, which are as follows:
Governance:
a. Ensures that stakeholder needs, conditions & options are evaluated to
determine balanced, agreed-on enterprise objectives to be achieved;
b. Setting direction through prioritization and decision making; & monitoring
performance and compliance against agreed-on direction and objectives.
c. Overall governance is the responsibility of the board of directors under
the leadership of the chairperson.
d. Specific governance responsibilities may be delegated to special organiz-
ational structures at an appropriate level, particularly in larger, complex
enterprises.
Management:
a. Management plans builds, runs & monitors activities in alignment with the
direction set by the governance body to achieve the enterprise objectives
b. Management is the responsibility of the executive management under the
leadership of the chief executive officer (CEO).
c. IS management has the overall responsibility for all operations within the
IT department
https://www.infosectrain.com/courses/cisa-certification-training/
5. 4. Service Level Agreement and Operational Level
Agreement:
Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
04
Email: sales@infosectrain.com Web: https://www.infosectrain.com
3. IT Service Management framework (ITSM):
Refers to the implementation & management of IT services (people, proce
ss and information technology) to meet business needs
Two frameworks for ITSM:
1. IT Infrastructure Library (ITIL):
a reference body of knowledge for service delivery good practices
a comprehensive framework detailed over five volumes – Service strategy,
Service design, Service transition, services operations, Continual service
improvement
The main objective of ITIL is to improve service quality to the business.
2. ISO 20000-1:2011 Information technology – Service management
Requires service providers to implement the plan-do-check-act (PDCA)
methodology
The main objective is to improve service quality, achievement of the stan
dard certifies organizations as having passed auditable practices and pro
cesses in ITSM.
Service Level Agreement:
The Service Level agreement is a contract between service provider and
customer
SLAs can also be supported by operational level agreements (OLAs)
Operational Level Agreement:
OLA is an agreement between the internal support groups of an institution
that supports SLA
The OLA clearly depicts the performance and relationship of the internal
service groups.
The main objective of OLA is to ensure that all the support groups provide
the intended Service Level Agreement
https://www.infosectrain.com/courses/cisa-certification-training/
6. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
05
Email: sales@infosectrain.com Web: https://www.infosectrain.com
5. Tools to monitor efficiency and effectiveness of
services provided:
¡
Exception reports:
These automated reports identify all applications that did not successfully
complete or otherwise malfunctioned.
An excessive number of exceptions may indicate:
Poor understanding of business requirements
Poor application design, development or testing
Inadequate operation instructions
Inadequate operations support
Inadequate operator training or performance monitoring
Inadequate sequencing of tasks
Inadequate system configuration
Inadequate capacity management
System and application logs:
Refers to logs generated from various systems and applications
Using this software, the auditor can carry out tests to ensure that:
Only approved programs access sensitive data
Only authorized IT personnel access sensitive data
Software utilities that can alter data files and program libraries are used
only for authorized purposes
Approved programs are run only when scheduled and, conversely, that
unauthorized runs do not take place
The correct data file generation is accessed for production purposes
Data files are adequately protected
Operator problem reports – Manual report used by helpdesk to log comp-
uter operations problems & resolutions
Operator work schedules – Report maintained manually by IS manageme-
nt to assist in human resource planning to ensure proper staffing of oper-
ation support
Points to remember:
Availability reports – The report that IS auditor use to check compli-
ance with service level agreements (SLA) requirement for uptime
7. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
06
Email: sales@infosectrain.com Web: https://www.infosectrain.com
6. Incident management and problem management:
Incident management:
An Incident is an event that could lead to loss of, or disruption to, an organ
ization's operations, services or functions.
Incident management is a term describing the activities of an organization
to identify, analyze, and correct hazards to prevent a future re-occurrence.
These incidents within a structured organization are normally dealt with by
either an incident response team (IRT) or an incident management team
(IMT)
Incident management is reactive and its objective is to respond to & resol-
ve issues restoring normal service (as defined by the SLA) as quickly as
possible.
Problem management:
Problem management is the process responsible for managing the lifecy-
cle of all problems that happen or could happen in an IT service.
The primary objectives of problem management are to prevent problems
and resulting incidents from happening, to eliminate recurring incidents, &
to minimize the impact of incidents that cannot be prevented.
7. Support/Help desk – Roles and responsibilities:
The responsibility of the technical support function is to provide specialist
knowledge of production systems to identify and assist in system change
/development and problem resolution.
The basic function of the help desk is to be the first, single and central
point of contact for users and to follow the incident management process
The help desk personnel must ensure that all hardware & software incide-
nts that arise are fully documented and escalated based on the priorities
established by management
https://www.infosectrain.com/courses/cisa-certification-training/
8. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
07
Email: sales@infosectrain.com Web: https://www.infosectrain.com
8. Change management and patch management
process:
Change management:
used when changing hardware, installing or upgrading to new releases of
off-the-shelf applications, installing software patch & configuring various
network devices
Changes are classified into three types:
a) Emergency changes
b) Major changes
c) Minor changes
Patch Management:
an area of systems management that involves acquiring, testing & installi-
ng multiple patches (code changes) to an administered computer system
in order to maintain up-to-date software and often to address security risk
Patch management tasks include the following:
Maintaining current knowledge of available patches
Deciding what patches are appropriate for particular systems
Ensuring that patches are installed properly; testing systems after installa
tion
Documenting all associated procedures, such as specific configurations
required
Points to remember:
Patch Management – The BEST method for preventing exploitation
of system vulnerabilities
https://www.infosectrain.com/courses/cisa-certification-training/
9. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
08
Email: sales@infosectrain.com Web: https://www.infosectrain.com
9. Release management:
Software release management is the process through which software is
made available to users.
The term “release” is used to describe a collection of authorized changes.
The release will typically consist of a number of problem fixes & enhance-
ments to the service.
The release can be of three types:
a. Major releases: Normally contain a significant change or addition to new
functionality. A major upgrade or release usually supersedes all preceding
minor upgrades.
b. Minor releases: Upgrades, normally containing small enhancements and
fixes. A minor upgrade or release usually supersedes all preceding emerg-
ency fixes. Minor releases are generally used to fix small reliability or func
tionality problems that cannot wait until the next major release.
c. Emergency releases: Normally containing the corrections to a small numb-
er of known problems. Emergency releases are fixes that require impleme-
ntation as quickly as possible to prevent significant user downtime to busi
ness-critical functions
While change management is the process whereby all changes go through
a robust testing and approval process, release management is the process
of actually putting the software changes into production.
10. Quality Assurance:
QA personnel verify that system changes are authorized, tested & implemented
in a controlled manner prior to being introduced into the production environm-
ent according to a company’s change and release management policies
https://www.infosectrain.com/courses/cisa-certification-training/
10. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
09
Email: sales@infosectrain.com Web: https://www.infosectrain.com
11. Database management systems (DBMS):
aids in organizing, controlling and using the data needed by application
programs.
A DBMS provides the facility to create & maintain a well-organized data-
base.
Primary functions include:
a. Reduced data redundancy,
b. Decreased access time and
c. Basic security over sensitive
data.
12. DBMS Architecture:
Database architecture
focuses on the design,
development, impleme-
ntation & maintenance of
computer programs that store
& organize information for businesses, agencies
& institutions.
A database architect develops & implements software to meet the needs
of users. The design of a DBMS depends on its architecture
Metadata:
the data (details/schema) of any other data (i.e. data about data)
The word 'Meta' is the prefix that is generally the technical term for self-ref
erential. In other words, we can say that Metadata is the summarized data
for the contextual data.
There are three types of metadata:
i. Conceptual schema,
ii. External schema and
iii. Internal schema
11. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
10
Email: sales@infosectrain.com Web: https://www.infosectrain.com
13. Data Dictionary/Directory system:
Data Dictionary contains an index and descriptions all of the data stored
in database. Directory describes the locations of the data and the access
method
Some of the benefits of using DD/DS include:
Enhancing documentation
Providing common validation criteria
Facilitating programming by reducing the needs for data definition
Standardizing programming methods
https://www.infosectrain.com/courses/cisa-certification-training/
12. !
A L E R T
Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
11
Email: sales@infosectrain.com Web: https://www.infosectrain.com
14. Database structure:
The database structure is the collection of record type & field
type definitions that comprise your database`.
There are three major types of database structure:
i. Hierarchical database model,
ii. Network database model, and
iii. Relational database model
Hierarchical database model:
In this model there is a hierarchy of
parent and child data segments. To
create links between them, this model
uses parent-child relationships.
These are 1:N (one-to-many) mappings
between record types represented by
logical trees
Network database model:
In the network model, the basic
data modeling construct is called
a set.
A set is formed by an owner record type, a
member record type & a name.
A member record type can have that role in
more than one set, so a multiowner
relationship is allowed.
An owner record type can also be a
member or owner in another set. Usually, a set defines 1:N relationship,
although one-to-one (1:1) is permitted
Disadvantages of Network database model:
Structures can be extremely complex and difficult to comprehend, modify
or reconstruct in case of failure.
This model is rarely used in current environments.
The hierarchical and network models do not support high-level queries.
The user programs have to navigate the data structures.
13. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
12
Email: sales@infosectrain.com Web: https://www.infosectrain.com
Relational database model
In Relational database model, the data and relationships among these
data are organized in tables.
A table is a collection of rows, also known as tuples, and each tuple in a
table contains the same columns. Columns, called domains or attributes,
correspond to fields.
Relational database has the following properties:
Values are atomic.
Each row is unique.
Column values are of the same kind.
The sequence of columns is insignificant.
The sequence of rows is insignificant.
Each column has a unique name
The relational model is
independent from the
physical implementation of
the data structure, and has
many advantages over the
hierarchical and network database
models. With relational databases, it is
easier:
For users to understand and implement a
physical database system
To convert from other database structures
To implement projection and join operations
To create new relations for applications
To implement access control over sensitive data
To modify the database
A key feature of relational databases is the use of “normalization”
Normalization:
a technique of organizing the data in the database
a systematic approach of decomposing tables to eliminate data redund-
ancy(repetition) and undesirable characteristics like Insertion, Update &
Deletion Anomalies
14. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
13
Email: sales@infosectrain.com Web: https://www.infosectrain.com
15. OSI Architecture:
OSI model was developed by the International Organization for Standard
ization (ISO) in 1984, and it is now considered as an architectural model
for the inter-computer communications
OSI model is a reference model that describes how information from a
software application in one computer moves through a physical medium
to the software application in another computer.
The OSI (Open Systems Inter-connection) is a proof-of-concept model
composed of seven layers, each specifying particular specialized tasks
or functions.
The OSI model was defined in ISO/IEC 7498, which has the following
parts:
ISO/IEC 7498-1 The Basic Model
ISO/IEC 7498-2 Security Architecture
ISO/IEC 7498-3 Naming and addressing
ISO/IEC 7498-4 Management framework
Each layer is self-contained and relatively independent of the other layers
in terms of its particular function
There are seven OSI layers. Each layer has different functions. They are:
1. Physical Layer
2. Data-Link Layer
3. Network Layer
4. Transport Layer
5. Session Layer
6. Presentation Layer
7. Application Layer
https://www.infosectrain.com/courses/cisa-certification-training/
15. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
14
Email: sales@infosectrain.com Web: https://www.infosectrain.com
Points to remember:
The CISA candidate will not be tested on the specifics of this stan
dard in the exam
The functions of each layer are as follows:
1. Physical Layer - The physical layer provides the hardware that transmits
and receives the bit stream as electrical, optical or radio signals over an
appropriate medium or carrier.
2. Data-Link Layer - The data link layer is used for the encoding, decoding
& logical organization of data bits. Data packets are framed & addressed
by this layer, which has two sublayers
3. Network Layer - This layer of the assigned the IP addresses & is responsi
ble for routing & forwarding. This layer prepares the packets for the data
link layer
4. Transport Layer - The transport layer provides reliable and transparent
transfer of data between end points, end-to-end error recovery and flow
control.
5. Session Layer -The session layer controls the dialogs (sessions) between
computers. It establishes, manages & terminates the connections betwe-
en the local and remote application layers
6. Presentation Layer - The presentation layer converts the outgoing data
into a format acceptable by the network standard and then passes the
data to the session layer (It is responsible for translation, compression &
encryption)
7. Application Layer - provides a standard interface for applications that
must communicate with devices on the network (e.g., print files on a net
work-connected printer, send an email or store data on a file server)
Points to remember:
The OSI layer that perform error detection and encryption – Data Link
layer
16. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
15
Email: sales@infosectrain.com Web: https://www.infosectrain.com
16. Application of the OSI model in Network
Architectures:
The concepts of the OSI model are used in the design and development
of organizations network architectures. This includes LAN, WAN, MAN
and use of the public Transmission
Control Protocol/Internet Protocol (TCP/IP)-based global Internet.
The discussion will focus on:
LAN
WAN
Wireless networks
Public global internet
infrastructure
Network administr-
ation and control
Applications in a
networked environment
On-demand computing
Local Area Network
(LAN):
a computer network that
interconnects computers
within a limited area such
as a residence, school, laboratory, university
campus or office building
Media used in LAN:
Copper (twisted-pairs) circuit:
- Twisted pairs are of two types:
(1) Shielded twisted pair - More attenuation, More cross talk and more
interference
(2) unshielded twisted pair – More attenuation, More cross talk & more
interference
-Two insulated wires are twisted around each other, with current flowing
through them in opposite directions.
17. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
16
Email: sales@infosectrain.com Web: https://www.infosectrain.com
Advantages:
a. This reduces the opportunity for cross talk
b. Cheap
c. Readily available
d. Simple to modify
Disadvantages:
a. Easy to tap
b. Easy to splice
c. Interference and Noise
Fiber-optics systems:
It refers to the technology and medium used in the transmission of data
as pulses of light through a strand or fiber medium made of glass or plas
tic flashes of light.
Fiber-optic systems have a low transmission loss as compared to twist
ed-pair circuits.
Optical fiber is smaller & lighter than metallic cable of the same capacity
Fiber is the preferred choice for high-volume, longer-distance runs
Radio systems (wireless):
Data are communicated between devices using low-powered systems
that broadcast (radiate) & receive electromagnetic signals representing
data
Points to remember:
The method of routing traffic through split-cable facilities or duplica-
te-cable facilities is called “Diverse routing”
The type of line media that provides the BEST security for a telecom
munication network is “Dedicated lines”
https://www.infosectrain.com/courses/cisa-certification-training/
18. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
17
Email: sales@infosectrain.com Web: https://www.infosectrain.com
17. LAN Topologies:
Star topology
Bus topology
Ring topology
18. LAN components:
Repeaters - physical layer devices that extend the range of a network or
connect two separate network segments together
Hubs - physical layer devices that serve as the center of a star-topology
network or a network concentrator
Bridges - data link layer devices that were developed to connect LANs or
create two separate LAN or WAN network segments from a single segm-
ent to reduce collision domains
Switches - data link level devices that can divide & interconnect network
segments & help to reduce collision domains in Ethernet-based networks
Routers - operate at the OSI
network layer by examining
network addresses (i.e.,
routing information
encoded in an IP
packet).
Gateways - are devices
that are protocol
converters. Typically,
they connect & convert
between LANs & the
mainframe, or between
LANs & the Internet, at
the application layer of the
OSI reference model
https://www.infosectrain.com/courses/cisa-certification-training/
19. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
18
Email: sales@infosectrain.com Web: https://www.infosectrain.com
19. WAN components:
WAN switches - Data link layer devices used for implementing various
WAN technologies such as ATM, point-to-point frame relay and ISDN
Routers - devices that operate at the network layer of the OSI reference
model & provide an interface between different network segments on an
internal network or connects the internal network to an external network
Modems (modulator/demodulator)
Converts computer digital signals into analog data signals and analog
data back to digital.
A main task of the modems at both ends is to maintain their synchroniza
tion so the receiving device knows when each byte starts and ends. Two
methods can be used for this purpose:
Synchronous transmission - a data transfer method in which a continuo-
us stream of data signals is accompanied by timing signals (generated
by an electronic clock) to ensure that the transmitter and the receiver are
in step (synchronized) with one another. The data is sent in blocks (called
frames or packets) spaced by fixed time intervals
Asynchronous transmission - The term asynchronous is used to describe
the process where transmitted data is encoded with start and stop bits,
specifying the beginning & end of each character. Asynchronous trans
mission works in spurts & must insert a start bit before each data charac
ter & a stop bit at its termination to inform the receiver where it begins &
ends.
20. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
19
Email: sales@infosectrain.com Web: https://www.infosectrain.com
20. WAN technologies:
Point to point protocol - (PPP) is a data link layer communications proto
col used to establish a direct connection between two nodes. PPP is a
widely available remote access solution that supports asynchronous and
synchronous links, and operates over a wide range of media.
X.25 - is a standard suite of protocols used for packet-switched communi
cations over a wide area network
Frame Relay - Frame relay is a packet-switching telecommunication ser
vice designed for cost-efficient data transmission for intermittent traffic
between LAN and between endpoints in WAN
Integrated services digital network (ISDN) – It is a set of communication
standards for simultaneous digital transmission of voice, video, data, and
other network services over the traditional circuits of the public switched
telephone network
Asynchronous transfer mode – ATM is a dedicated-connection switching
technology that organizes digital data into 53-byte cell units & transmits
them over a physical medium using digital signal technology
Multiprotocol label switching - Multiprotocol label switching (MPLS) is a
mechanism used within computer network infrastructures to speed up the
time it takes a data packet to flow from one node to another. It enables
computer networks to be faster and easier to manage by using short path
labels instead of long network addresses for routing network packets.
Digital subscriber lines - Digital subscriber line (DSL) is a technology that
transports high-bandwidth data over simple telephone line that is directly
connected to a modem. This allows for file-sharing, and the transmission
of pictures and graphics, multimedia data, audio and video conferencing
and much more
https://www.infosectrain.com/courses/cisa-certification-training/
21. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
20
Email: sales@infosectrain.com Web: https://www.infosectrain.com
- Virtual Private Network (VPN):
extends a private network across a public network and enables users to
send and receive data across shared or public networks as if their comp-
uting devices were directly connected to the private network. Application
running on an end system (PC, smartphone etc.) across a VPN may there
fore benefit from the functionality, security, and management of the priv-
ate network
VPN technology was developed to allow remote users & branch offices
to access corporate applications and resources. To ensure security, the
private network connection is established using an encrypted layered
tunneling protocol, and VPN users use authentication methods, including
passwords or certificates, to gain access to the VPN.
There are three types of VPNs:
1. Remote-access VPN - Used to connect telecommuters and mobile
users to the enterprise WAN in a secure manner; it lowers the barrier to
telecommuting by ensuring that information is reasonably protected on
the open Internet.
2. Intranet VPN - Used to connect branch offices within an enterprise
WAN
3. Extranet VPN - Used to give business partners limited access to each
other’s corporate network; and example is an automotive manufacturer
with its suppliers
22. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
21
Email: sales@infosectrain.com Web: https://www.infosectrain.com
21. Network Performance Metrics:
Latency: The delay that a message or packet will experience on its way
from source to destination. A very easy way to measure latency in a
TCP/IP network is to use the ping command.
Throughput: The quantity of useful work made by the system per unit of
time. In telecommunications, it is the number of bytes per second that
are passing through a channel.
Points to remember:
Ping command is used to measure the latency
22. Network Management Issues:
A WAN needs to be monitored and managed similarly to a LAN. ISO, as part of
its communications modeling effort (ISO/IEC 10040), has defined five basic
tasks related to network management:
Fault management - Detects the devices that present some kind of tech
nical fault
Configuration management - Allows users to know, define and change,
remotely, the configuration of any device
Accounting resources - Holds the records of the resource usage in the
WAN (who uses what)
Performance management - Monitors usage levels and sets alarms
when a threshold has been surpassed
Security management - Detects suspicious traffic or users, & generates
alarms accordingly
https://www.infosectrain.com/courses/cisa-certification-training/
23. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
22
Email: sales@infosectrain.com Web: https://www.infosectrain.com
23. Network Management tools:
Response Time - Identify the time necessary for a command entered by
users at a terminal to be answered by the host system.
Downtime Reports - Track the availability of telecommunications line &
circuits. Interruptions due to power line failure, traffic, overload, operator
error or other anomalous conditions are identified in a downtime reports
Online Monitors - Check data transmissions accuracy & errors. Monitor-
ing can be performed be echo checking & status checking all transmiss-
ions, ensuring that messages are not lost or transmitted more than one.
Network Monitors - Real time display of network nodes and status.
Protocol Analyzers – It is a diagnostic tool used for monitoring packets
flowing within the network.
Simple Network Management Protocol (SNMP) - It is a TCP/IP-based
protocol that monitors and controls different variables throughout the
network, manages configurations, & collects statistics on performance
and security
Help desk reports - It is prepared by the help desk, which is staffed or
supported by IT technicians trained to handle problems occurring during
normal IS usage.
24. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
23
Email: sales@infosectrain.com Web: https://www.infosectrain.com
24. Disaster Recovery Planning (DRP):
DRP is an element of an internal control system established to manage
availability and restore critical processes/IT services in the event of
interruption.
The purpose of this continuous planning process is
to ensure that cost-effective controls to prevent possible IT disruptions
and
to recover the IT capacity of the organization in the event of a disruption
are in place
DRP is a continuous process. Once the criticality of business processes
& supporting IT service, system & data are defined, they are periodically
reviewed and revisited
The ultimate goal of the DRP process is
to respond to incidents that may impact people and
the ability of operations to deliver goods & services to the marketplace
and to comply with regulatory requirements
The difference between BCP and DRP is as follows:
BCP is focused on keeping the business operations running, perhaps in a
different location or by using different tools or processes, after the disas
ter has happened. DRP is focused on restoring business operations after
the disaster has taken place.
BCP often includes Non-IT aspects of the business. DRP often focuses
on IT systems
https://www.infosectrain.com/courses/cisa-certification-training/
25. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
24
Email: sales@infosectrain.com Web: https://www.infosectrain.com
Points to remember:
The prerequisite for developing a disaster recovery planning is –
to have a management commitment.
The PRIMARY GOAL of Disaster Recovery planning and Business
continuity planning should always be – Safety of Personnel
(Human safety first)
Occupant Emergency Plan (OEP) provides the response procedu-
res for occupants of a facility in the event a situation poses a
threat to the heal and safety of personnel
The critical first step in disaster recovery & contingency planning
is – to complete a business impact analysis
The term “Disaster Recovery” refers to recovery of technological
environment
The BCP is ultimate responsibility of Board of Directors
Minimizing single points of failure or vulnerabilities of a common
disaster is mitigated by geographically dispersing resources.
Disaster Recovery planning addresses the technological aspect of
business continuity planning
A disaster recovery plan for an organization should focus on
reducing the length of recovery time and the cost of recovery.
The results of tests and drills are the BEST evidence of an organi-
zation’s disaster recovery readiness.
Fault-tolerant hardware is the only technology that provides cont-
inuous & uninterrupted support in the event of a disaster or
disruption
26. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
25
Email: sales@infosectrain.com Web: https://www.infosectrain.com
25. Recovery Point Objective (RPO) and Recovery
Time Objective (RTO):
Points to remember:
The CISA candidate should be familiar with which recovery strate
gies would be best with different RTO and RPO parameters.
Recovery Point objective:
RPO is determined based on the acceptable data loss in case of disrup-
tion of operations.
RPO indicates the earliest point in time in which it is acceptable to recov
er the data. For example, if the process can afford to lose the data up to
four hours before disaster, then the latest backup available should be up
to four hours before disaster or interruption and the transactions that
occurred during the RPO period and interruption need to be entered after
recovery (known as catch-up data)
RPO effectively quantifies the
permissible amount of data loss
in case of disruption.
Recovery Time Objective:
The RTO is determined
based on the acceptable
downtime in case of a
disruption of operations.
It indicates the earliest
point in time at which the
business operations (and
supporting IT systems) must
resume after disaster
27. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
26
Email: sales@infosectrain.com Web: https://www.infosectrain.com
Both of these concepts are based on time parameters.
The nearer the time requirements are to the center (0-1 hours), the higher
the cost of the recovery strategies.
If the RPO is in minutes (lowest possible acceptable data loss), then data
mirroring or real-time replication should be implemented as the recovery
strategy.
If the RTO is in minutes (lowest acceptable time down), then a hot site,
dedicated spare servers (and other equipment) and clustering must be
used.
The below table represents the relationship between RPO and RTO:
Disruption hours Recovery Time Objective Recovery Point objective
0 to 1 hour Active-Active clustering Mirroring (Real-time replication)
1 to 4 hours
Active-passive clustering
(Hot Standby)
Disk-based back-ups, snapshots,
delayed replication, log shipping
4 – 24 hours Cold Standby Tape backups, log shipping
Points to remember:
Recovery Point Objective (RPO) will be deemed critical if it is small
If the Recovery point objective (RPO) is close to zero, then it means
that the activity is critical & hence the cost of maintaining the envir-
onment would be higher
The LOWEST expenditure in terms of recovery arrangement can be
through Reciprocal agreement
A hot site is maintained and data mirroring is implemented, where
Recovery Point Objective (RPO) is low
The BEST option to support 24/7 availability is – Data Mirroring
The metric that describes how long it will take to recover a failed
system is – Mean time to Repair (MTTR)
28. PROFILE INFORMATION
LOGIN
Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
27
Email: sales@infosectrain.com Web: https://www.infosectrain.com
26. Additional parameters in defining recovery
strategy:
Interruption window - The maximum period of time the organization can
wait from the point of failure to the critical services/applications restorati-
on. After this time, the progressive losses caused by the interruption are
unaffordable.
Service delivery objective (SDO) - Level of services
to be reached during the alternate process mode
until the normal situation is restored. This is
directly related to
the business needs.
Maximum tolerable
outages - Maximum
time the organizatio-
n can support proc-
essing in alternate
mode. After this point,
different problems may
arise, especially if the
alternate SDO is lower
than the usual SDO, and
the information pending to
be updated can become
unmanageable.
https://www.infosectrain.com/courses/cisa-certification-training/
29. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
28
Email: sales@infosectrain.com Web: https://www.infosectrain.com
27. Recovery strategies:
A recovery strategy identifies the best way to recover a system (one or
many) in case of interruption, including disaster, and provides guidance
based on which detailed recovery procedures can be developed
The selection of a recovery strategy would depend on:
The criticality of the business process and the applications supporting the
processes
Cost
Time required to recover
Security
Recovery strategies based on the risk level identified for recovery are as
follows:
Hot sites - facilities with space and basic infrastructure and all of the IT &
communications equipment required to support the critical applications,
along with office furniture and equipment for use by the staff.
Warm sites - are complete infrastructures but are partially configured in
terms of IT, usually with network connections and essential peripheral
equipment such as disk drives, tape drives and controllers.
Cold sites - are facilities with the space and basic infrastructure adequate
to support resumption of operations, but lacking any IT or communicatio-
ns equipment, programs, data or office support.
Duplicate information processing facilities
Mobile sites - are packaged, modular processing facilities mounted on
transportable vehicles & kept ready to be delivered and set up at a location
that may be specified upon activation
Reciprocal agreements - are agreements between separate, but similar,
companies to temporarily share their IT facilities in the event that one co-
mpany loses processing capability. Reciprocal agreements are not consid
ered a viable option due to the constraining burden of maintaining hardw-
are & software compatibility between the companies, the complications
of maintaining security and privacy compliance during shared operations,
& the difficulty of enforcing the agreements should a disagreement arise
at the time the plan is activated.
30. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
29
Email: sales@infosectrain.com Web: https://www.infosectrain.com
Reciprocal arrangements with other organisations - are agreements betw-
een two or more organizations with unique equipment or applications.
Under the typical agreement, participants promise to provide assistance
to each other when an emergency arises.
Points to remember:
The CISA candidate should know these recovery strategies & when
to use them
An offsite information processing facility having electrical wiring,
air conditioning and flooring, but no computer or communications
equipment is a Cold site
The type of offsite information processing facility is often an acc-
eptable solution for preparing for recovery of non-critical systems
and data is a cold site
Data mirroring and parallel processing are both used to provide
near-immediate recoverability for time-sensitive systems & trans-
cation processing
Organizations should use off-site storage facilities to maintain
redundancy of current and critical information within backup files.
An off-site processing facility should not be easily identifiable
externally because easy identification would create an additional
vulnerability for sabotage
The GREATEST concern when an organization's backup facility is
at a warm site is – Timely availability of hardware.
The GREATEST risk created by a reciprocal agreement for disaster
recovery made between two companies is – Developments may
result in hardware and software incompatibility.
https://www.infosectrain.com/courses/cisa-certification-training/
31. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
30
Email: sales@infosectrain.com Web: https://www.infosectrain.com
28. Different Recovery/continuity/response teams
and their responsibilities:
Incident response team
Emergency action team
Information security team
Damage assessment team
Offsite storage team
Software team
Applications team
Administrative support team
Salvage team
Emergency operations team
Network recovery team
Communications team
Transportation team
User hardware team
Relocation team
Legal affairs team
Recovery test team
Training team
Points to remember:
The responsibility of disaster recovery relocation team is to co-or
dinate the process of moving from hot site to a new location or to
the restored original location.
The responsibility of offsite storage team is to obtain, pack and
ship media and records to the recovery facilities, as well as estab
lishing and overseeing an offsite storage schedule.
The responsibility of transportation team is to locate a recovery
site, if one has not been predetermined, and coordinating the trans
port of company employees to the recovery site.
The responsibility of salvage team is managing the relocation proj
ect and conducting a more detailed assessment of the damage to
the facilities and equipment.
32. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
31
Email: sales@infosectrain.com Web: https://www.infosectrain.com
29. Back-up and restoration:
Back-up schemes:
There are three main schemes
for backup:
Full back-up - This type of
backup scheme copies all
files & folders to the backup
media, creating one backup set
(with one or more media,
depending on media
capacity)
Incremental back-up - An
incremental backup copy
the files and folders that
changed or are new since the
last incremental or full backup
Differential back-up - A
differential backup will copy all files & folders that have been added or
changed since a full backup was performed. This type of backup is faster
& requires less media capacity than a full backup & requires only the last
full and differential backup sets to make a full restoration
Points to remember:
The BEST backup strategy for a large database with data support
ing online sales is – Weekly full back-up with daily incremental
back-up
https://www.infosectrain.com/courses/cisa-certification-training/
33. Authorized Training Partner
Business
Partner
Global Training Provider
Authorized Training
TM
R
32
Email: sales@infosectrain.com Web: https://www.infosectrain.com
30. Disaster Recovery testing methods:
Checklist review - This is a preliminary step to a real test. Recovery check
lists are distributed to all members of a recovery team to review & ensure
that the checklist is current.
Structured walk-through - Team members physically implement the plans
on paper & review each step to assess its effectiveness, identify enhance-
ments, constraints and deficiencies.
Simulation test -The recovery team role plays a prepared disaster scenario
without activating processing at the recovery site.
Parallel test - The recovery site is brought to a state of operational readin-
ess, but operations at the primary site continue normally.
Full interruption test - Operations are shut down at the primary site and
shifted to the recovery site in accordance with the recovery plan; this is the
most rigorous form of testing but is expensive and potentially disruptive.
Points to remember:
A continuity plan test that uses actual resources to simulate a syst-
em crash to cost-effectively obtain evidence about the plan's effecti-
veness is preparedness test
The most effective test of DRP for organisations having number of
offices across a wide geographical area is preparedness test
The type of BCP test that requires only representatives from each
operational area to meet to review the plan is Walk-through test
https://www.infosectrain.com/courses/cisa-certification-training/